CVE-2013-2877

Published: 10/07/2013 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

parser.c in libxml2 prior to 2.9.0, as used in Google Chrome prior to 28.0.1500.71 and other products, allows remote malicious users to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Vulnerable Product

xmlsoft libxml2 2.2.0

xmlsoft libxml2 2.2.2

google chrome 28.0.1500.68

xmlsoft libxml2 2.4.30

xmlsoft libxml2 2.6.16

xmlsoft libxml2 1.8.0

xmlsoft libxml2 1.8.16

xmlsoft libxml2 2.6.32

xmlsoft libxml2 2.1.0

xmlsoft libxml2 2.6.29

google chrome 28.0.1500.26

xmlsoft libxml2 2.4.19

xmlsoft libxml2 2.4.7

xmlsoft libxml2 2.4.17

xmlsoft libxml2 2.2.9

google chrome 28.0.1500.31

xmlsoft libxml2 2.8.0

xmlsoft libxml2 2.3.6

google chrome 28.0.1500.0

xmlsoft libxml2 2.6.26

xmlsoft libxml2 2.6.11

google chrome 28.0.1500.33

xmlsoft libxml2

xmlsoft libxml2 1.7.1

google chrome 28.0.1500.29

xmlsoft libxml2 2.7.2

xmlsoft libxml2 2.4.21

google chrome 28.0.1500.25

google chrome 28.0.1500.66

google chrome 28.0.1500.41

xmlsoft libxml2 2.4.20

xmlsoft libxml2 2.3.7

xmlsoft libxml2 2.6.17

xmlsoft libxml2 2.2.4

xmlsoft libxml2 2.4.25

xmlsoft libxml2 2.4.24

google chrome 28.0.1500.12

google chrome 28.0.1500.13

xmlsoft libxml2 2.5.0

xmlsoft libxml2 2.4.6

xmlsoft libxml2 2.4.12

xmlsoft libxml2 2.3.8

google chrome 28.0.1500.62

xmlsoft libxml2 1.8.5

xmlsoft libxml2 2.6.27

google chrome 28.0.1500.20

xmlsoft libxml2 2.3.13

xmlsoft libxml2 2.3.14

google chrome 28.0.1500.39

google chrome 28.0.1500.60

xmlsoft libxml2 2.1.1

xmlsoft libxml2 2.2.6

google chrome 28.0.1500.15

google chrome 28.0.1500.59

google chrome 28.0.1500.23

xmlsoft libxml2 2.2.10

xmlsoft libxml2 2.4.13

xmlsoft libxml2 2.3.1

xmlsoft libxml2 2.6.13

google chrome 28.0.1500.45

google chrome 28.0.1500.43

xmlsoft libxml2 2.7.8

xmlsoft libxml2 2.7.7

xmlsoft libxml2 1.7.0

xmlsoft libxml2 2.6.7

xmlsoft libxml2 2.6.14

xmlsoft libxml2 2.4.27

xmlsoft libxml2 2.4.18

xmlsoft libxml2 2.5.7

xmlsoft libxml2 2.3.0

xmlsoft libxml2 2.4.10

xmlsoft libxml2 1.8.10

google chrome 28.0.1500.40

xmlsoft libxml2 1.8.13

xmlsoft libxml2 2.4.26

xmlsoft libxml2 2.5.8

google chrome 28.0.1500.3

google chrome 28.0.1500.52

xmlsoft libxml2 2.4.28

xmlsoft libxml2 2.3.3

xmlsoft libxml2 2.2.8

xmlsoft libxml2 2.6.23

google chrome 28.0.1500.34

xmlsoft libxml2 2.4.9

google chrome 28.0.1500.46

xmlsoft libxml2 1.8.2

xmlsoft libxml2 2.4.5

xmlsoft libxml2 2.4.8

xmlsoft libxml2 1.8.9

xmlsoft libxml2 2.6.8

google chrome 28.0.1500.8

xmlsoft libxml2 1.7.2

xmlsoft libxml2 2.4.15

google chrome 28.0.1500.63

xmlsoft libxml2 2.4.11

xmlsoft libxml2 2.6.2

xmlsoft libxml2 2.2.7

google chrome 28.0.1500.53

google chrome 28.0.1500.4

xmlsoft libxml2 2.2.5

xmlsoft libxml2 2.2.3

xmlsoft libxml2 2.4.22

google chrome 28.0.1500.36

google chrome 28.0.1500.44

google chrome 28.0.1500.51

xmlsoft libxml2 2.6.5

xmlsoft libxml2 2.6.4

xmlsoft libxml2 2.7.5

google chrome 28.0.1500.19

xmlsoft libxml2 2.6.18

google chrome 28.0.1500.2

xmlsoft libxml2 2.4.16

xmlsoft libxml2 2.5.11

xmlsoft libxml2 2.6.24

xmlsoft libxml2 1.8.7

xmlsoft libxml2 2.3.5

google chrome 28.0.1500.50

xmlsoft libxml2 2.0.0

google chrome 28.0.1500.56

xmlsoft libxml2 2.3.10

xmlsoft libxml2 1.8.6

google chrome 28.0.1500.54

google chrome 28.0.1500.18

xmlsoft libxml2 2.4.2

google chrome 28.0.1500.27

xmlsoft libxml2 2.7.3

google chrome 28.0.1500.21

google chrome 28.0.1500.14

google chrome 28.0.1500.9

google chrome 28.0.1500.16

xmlsoft libxml2 2.3.4

google chrome 28.0.1500.37

xmlsoft libxml2 1.8.3

google chrome 28.0.1500.6

google chrome 28.0.1500.47

xmlsoft libxml2 2.6.1

xmlsoft libxml2 2.6.20

xmlsoft libxml2 2.6.31

xmlsoft libxml2 2.7.1

xmlsoft libxml2 2.2.1

xmlsoft libxml2 2.7.0

xmlsoft libxml2 2.6.21

google chrome 28.0.1500.42

xmlsoft libxml2 2.7.6

xmlsoft libxml2 1.7.3

google chrome 28.0.1500.11

xmlsoft libxml2 2.3.9

xmlsoft libxml2 2.4.1

google chrome 28.0.1500.17

xmlsoft libxml2 2.4.23

xmlsoft libxml2 2.6.12

xmlsoft libxml2 2.6.0

xmlsoft libxml2 2.6.25

xmlsoft libxml2 2.6.9

google chrome 28.0.1500.28

google chrome 28.0.1500.49

xmlsoft libxml2 2.5.4

xmlsoft libxml2 2.6.30

google chrome 28.0.1500.35

xmlsoft libxml2 1.8.1

google chrome 28.0.1500.61

xmlsoft libxml2 2.3.11

xmlsoft libxml2 2.4.3

google chrome 28.0.1500.48

xmlsoft libxml2 1.8.14

xmlsoft libxml2 2.7.4

google chrome 28.0.1500.22

google chrome 28.0.1500.64

xmlsoft libxml2 1.7.4

google chrome 28.0.1500.24

xmlsoft libxml2 2.6.28

google chrome 28.0.1500.58

xmlsoft libxml2 1.8.4

xmlsoft libxml2 2.5.10

xmlsoft libxml2 2.3.12

xmlsoft libxml2 2.4.4

google chrome 28.0.1500.10

google chrome 28.0.1500.32

xmlsoft libxml2 2.4.14

xmlsoft libxml2 2.6.22

google chrome

xmlsoft libxml2 2.3.2

xmlsoft libxml2 2.6.3

google chrome 28.0.1500.5

xmlsoft libxml2 2.2.11

xmlsoft libxml2 2.4.29

google chrome 28.0.1500.38

xmlsoft libxml2 2.6.6

Vendor Advisories

Several security issues were fixed in libxml2 ...
USN-1904-1 introduced a regression in libxml2 ...
Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853: The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline). CVE-2013-2867: Chrome does not properly prevent pop-under windows. CVE-2013-2868: common/extensions/sync_helper ...
Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze8. For the stable distribution (wheezy), this ...
Debian Bug report logs - #806384 libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 26 Nov 2015 20:48:01 UTC Se ...
Debian Bug report logs - #802827 libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSections Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 23 Oct 2015 20:51:01 UT ...
Debian Bug report logs - #715531 libxml2: CVE-2013-2877 Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Wed, 10 Jul 2013 06:51:02 UTC Severi ...
Debian Bug report logs - #803942 CVE-2015-8035: DoS with XZ compression support loop Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon) Reported by: Raphael Hertzog <hertzog@debian.org> Date: Tue, 3 ...
Debian Bug report logs - #782782 libxml2: CVE-2015-1819: denial of service processing a crafted XML document Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 17 Apr 2015 19:39:02 UT ...
Debian Bug report logs - #782985 libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso & ...
Debian Bug report logs - #783010 libxml2: out-of-bounds read Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 20 Apr 2015 15:27:02 UTC Severity: normal Tags: fixed-upstream, jessie ...
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state ...